 

 
Certified Information Systems Security Professional (CISSP) Training: Onsite Training:

Getting the Right Knowledge to the Right People at the Right Time. Anywhere. With Client Site Training, courses can be scheduled on a date that is convenient for you, and because they can be scheduled at your location, you don't incur travel costs and students won't be away from home. An additional advantage is that the class is taught on your equipment, so students are learning in their work environment rather than in a classroom setup.

The Certified Information Systems Security Professional (CISSP) is a very difficult certification to achieve and is considered a global standard that proves an individual's proficiency in several different security disciplines. It attests to that person's ability to meet a stringent set of criteria as defined by the (ISC)² and is a testament to the individual's skill in comprehending a broad spectrum of information system security concepts, principles, and methodologies.

Since the CISSP credential covers a wide range of security-related topics, it is seen as a requirement for many technical, mid-management, and senior management positions.

The Common Body of Knowledge (CBK) was carefully constructed to cover all essential elements necessary for thorough security today. The CISSP exam covers the CBK, which is broken down into the ten domains listed next.

  • Access Control Systems and Methodology
  • Applications and Systems Development
  • Business Continuity Planning
  • Cryptography
  • Law, Investigation, & Ethics
  • Operations Security
  • Physical Security
  • Enterprise Security Architecture
  • Security Management Practices
  • Telecommunications, Networks, and Internet Security

Businesses pay for their employees to gain knowledge that can be brought back to the company and used to improve that organization overall. The knowledge should be utilized to enhance services and products, secure business functions and infrastructures, provide better implementation processes, restructure critical programs and procedures, and keep the company up-to-date on today's business and security strategies, technologies, and best practices.

 
Who Should Attend - Prerequisite:
Any individual may attend this course, but those with experience in one or more of the ten domains will reap the greatest benefits.

Enrolling for the certification exam on Day 7 is not mandatory, but is advised while information is current. Some students, however, prefer to do additional review and attempt the exam at a later date. (ISC)² has specific requirements for exam enrolling procedures, which are separate from this course.
 
Course Aims:

To obtain the CISSP credential, individuals are required to have a broad range of knowledge across all domains. This includes security policy development, secure software development procedures, network vulnerabilities, attack types and corresponding countermeasures, cryptography concepts and their uses, disaster recovery plans and procedures, risk analysis, crucial laws and regulations, forensics, computer crime investigation procedures, physical security, and much, much more.

Eno's materials allow your students to provide a comprehensive CISSP course with a goal of not only helping students achieve their CISSP certification, but also helping teach them the complex concepts that fill the CBK. Students will learn the contents and concepts of the diverse domains and how they should work together to provide true in-depth defense.

Over 1,500 pages containing the following items:

  • 10 modules cover the 10 domains of the Common Body of Knowledge
  • Each and every slide the instructor will present in-class
  • Professionally developed graphics for conceptual understanding
  • 3-D animations for understanding of complex concepts
  • Underneath each slide there are 4-5 paragraphs explaining concepts in slides, Configuration Steps, Hints, Warnings, Tips, Tables, etc.
  • Each module has a Quick Tips section, Summary section, Terminology section, and 20 questions and answers
  • Review materials for the 6th day of class include the following:
  • A final practice exam of 200+ questions in addition to those included in student manual
  • A CISSP review sheet
  • A CISSP cram session

Upon class completion, students will have been provided background and participated in discussions related to the 10 domains of the CBK. This information will provide a solid foundation in preparation for security professionals taking the CISSP exam administered by (ISC)². More importantly, this course will broaden the student's current understanding of all of the components that are necessary to provide true security. These items are presented in a manner that will allow the students to bring back security solutions to their current employer.

 
The Ten Domains and Modules in Detail:

As stated, each candidate for CISSP certification is expected to be knowledgeable in each of the ten domains. This includes an understanding of the various concepts, skills, and technologies within those domains. The ten domains and topics covered are:

I. Security Management Practices

  • Types of Security Controls
  • Components of a Security Program
  • Security Policies, Standards, Procedures, and Guidelines
  • Risk Management and Analysis
  • Information Classification
  • Employee Management Issues
  • Threats and Corresponding Administrative Controls

II. Access Control Systems and Methodology

  • Identification, Authentication, and Authorization Techniques and Technologies
  • Biometrics, Smart Cards, and Memory Cards
  • Single Sign-On Technologies and Their Risks
  • Discretionary versus Mandatory Access Control Models
  • Rule-based and Role-based Access Control
  • Object Reuse Issues and Social Engineering
  • Emissions Security Risks and Solutions
  • Specific Attacks and Countermeasures

III. Cryptography

  • Historical Uses of Cryptography
  • Block and Stream Ciphers
  • Explanation and Uses of Symmetric Key Algorithms
  • Explanation and Uses of Asymmetric Key Algorithms
  • Public Key Infrastructure Components
  • Data Integrity Algorithms and Technologies
  • IPSec, SSL, SSH, and PGP
  • Secure Electronic Transactions
  • Key Management
  • Attacks on Cryptosystems

IV. Physical Security

  • Facility Location and Construction Issues
  • Physical Vulnerabilities and Threats
  • Doors, Windows, and Secure Room Concerns
  • Hardware Metrics and Backup Options
  • Electrical Power Issues and Solutions
  • Fire Detection and Suppression
  • Fencing, Lighting, and Perimeter Protection
  • Physical Intrusion Detection Systems

V. Enterprise Security Architecture

  • Critical Components of Every Computer
  • Processes and Threads
  • The OSI Model
  • Operating System Protection Mechanisms
  • Ring Architecture and Trusted Components
  • Virtual Machines, Layering, and Virtual Memory
  • Access Control Models
  • Orange Book, ITSEC, and Common Criteria
  • Certification and Accreditation
  • Covert Channels and Types of Attacks
  • Buffer Overflows and Data Validation Attacks

VI. Law, Investigation, and Ethics

  • Different Ethics Sets
  • Computer Criminal Profiles
  • Types of Crimes
  • Liability and Due Care Topics
  • Privacy Laws and Concerns
  • Complications of Computer Crime Investigation
  • Types of Evidence and How to Collect It
  • Forensics
  • Legal Systems

VII. Telecommunications, Networks, and Internet Security

  • TCP/IP Suite
  • LAN, MAN, and WAN Topologies and Technologies
  • Cable Types and Issues
  • Broadband versus Baseband Technologies
  • Ethernet and Token Ring
  • Network Devices
  • Firewall Types and Architectures
  • Dial-up and VPN Protocols
  • DNS and NAT Network Services
  • FDDI and SONET
  • X.25, Frame Relay, and ATM
  • Wireless LANs and Security Issues
  • Cell Phone Fraud
  • VoIP
  • Types of Attacks

VIII. Business Continuity Planning

  • Roles and Responsibilities
  • Liability and Due Care Issues
  • Business Impact Analysis
  • Development Process of BCP
  • Backup Options and Technologies
  • Types of Offsite Facilities
  • Implementation and Testing of BCP

IX. Applications & Systems Development

  • Software Development Models
  • Prototyping and CASE Tools
  • Object-Oriented Programming
  • Middleware Technologies
  • ActiveX, Java, OLE, and ODBC
  • Database Models
  • Relational Database Components
  • CGI, Cookies, and Artificial Intelligence
  • Different Types of Malware

X. Operations Security

  • Operations Department Responsibilities
  • Personnel and Roles
  • Media Library and Resource Protection
  • Types of Intrusion Detection Systems
  • Vulnerability and Penetration Testing
  • Facsimile Security
  • RAID, Redundant Servers, and Clustering


Want to learn more? Contact the Eno sales office nearest you. Or call Eno Education Network at 703-370-5281.

 
CISSP Exam Information
(ISC)² Requirements to Take the Exam:

Students must subscribe to the (ISC)² Code of Ethics.
Students must have a minimum of four years of direct full-time security professional work experience in one or more of the ten test domains of Common Body of Knowledge (CBK), or three years of direct full-time security professional work experience in one or more of the ten test domains of the CBK with a college degree. A master's degree in Information Security from a National Center of Excellence can substitute for one year of the four-year requirement.

Note: Valid experience includes information systems security-related work performed as a practitioner, auditor, consultant, vendor, investigator, or instructor, or that which requires IS security knowledge and involves direct application of that knowledge.

After passing the exam, students will need to submit a signed endorsement form. This form attests to the student's experience and credentials and must be signed by either another CISSP or an executive at the student's employer's office. It must then be sent to (ISC)².

CISSP Exam Structure:

The CISSP Certification examination consists of 250 multiple-choice questions. Candidates have up to six hours to complete the examination.
A language dictionary may be used (such as a French-to-English dictionary, or similar).

CISSP Certification Examination Fees

Early Registration Fee: $495
With payment in full received at least 16 calendar days in advance of the exam date

Standard Registration Fee: $595
With payment in full received less than 16 calendar days prior to the exam date

(These are handled through (ISC)² and not Eno.com.)

Rescheduling Fee:

A $100 additional fee is required to change the date of the examination once payment has been received.
 

For organizational purchases, please send us a message at salesinfo@eno.com or complete and submit this form. Or call Eno Education Network at 703-370-5281.